A nasty search hijacking malware which targets Apple MacOS devices, was spotted in the wild by security firm AiroAV last week. It can be used for MITM attacks on these devices.
What’s different about the malware is its love for Microsoft, which is more than Google. It injects results from Bing when the user searches for something on Google Search.
According to AiroAV, the malware works differently than previous hijacking methods, which involve installing browser extensions and injecting Apple script. Unfortunately for the attackers, Apple closed most of these loopholes with the release of MacOS Mojave last year.
The macOS malware masquerades itself as a fake Adobe Flash plugin. It can be delivered to the user as an email or as a drive-by download. The installation setup of the fake flash player looks almost normal to unsuspecting users.
After that, the malware creates a local proxy on the infected machine by asking the user to give their Apple username and password. The proxy can be used to hijack all the traffic and make the desired changes.
Why Bing results?
The malware doesn’t have any unconditional love for Microsoft’s search engine. It’s just that inserting Bing results lets the attacker make some money by serving ads during the process. “It could be Bing ads in this case, or other ads throughout the process,” according to AiroAV.
AiroAV researchers also said that this aggressive approach could be a response to the lock downs that Apple has done with MacOS Mojave.
via The Register